Sensitive components in the office

The standard office workplace is classed as one of the many possible targets of attack found within a company. Cyber criminals typically target hardware and software, both of which must be protected by appropriate cyber security measures.
Work is usually done on a personal computer that accesses programs and data available on servers in a network. The software or hardware that is capable of using certain services provided by a server is also referred to as a "client". An IT system of this type is normally integrated into a client-server network and has drives for removable storage media, additional interfaces for data exchange and other peripheral devices such as printers. All these elements of the workplace represent sensitive interfaces via which an attack can take place.

Office software and browser-based applications

Standard office software and special office applications also offer a gateway for cyber criminals to attack. In most cases, a company will use standard software, which the organisation in question is able to install and customise itself, throughout its operations. Office products are part of the basic IT tools that many different companies rely on. They include programs for word processing, spreadsheets and creating presentations, which are used to obtain and process information. These can also become targets if vulnerabilities in software or configurations are exploited by cyber attackers.
In addition, every stationary or mobile client generally has a web browser for using various private and business applications. The majority of websites use embedded videos, animated elements and other active content, plus they incorporate plug-ins and external libraries, for example. This comes with significant potential for technical vulnerabilities or design errors, which entails huge risks pertaining to attacks from the Internet.

Documents and information

The following section provides a range of information and guidance from the Federal Office for Information Security (BSI) and the Alliance for Cyber Security (ACS) on how to improve cyber security in a standard office workplace. The aspects of social engineering and working from home or remotely are treated as separate targets of attack. You will find information on and recommendations for these on the corresponding topic pages.
Please note that some of these documents are not accessible to the public and instead require you to log in to the Alliance for Cyber Security website.